Have you received an email entitled “Urgent Atten: You Are NOT GDPR Compliant!” or “To the Data Protection Officer of [www.anyoldwebsite.com] You are on the UK GDPR Compliance Directory”?
If so, please just delete and ignore it; it’s a scam, though quite what their angle is we are at a loss to understand.
Most UK businesses went through a torturous few months early in 2018 making sure that they were ready for GDPR compliance. With all the publicity, it passed no one by and any business worth anything made sure that they were not deliberately in a state of non-compliance. Which makes this email scam all the more mysterious.
The email below was sent to one of our customers early in November (with all the customer details redacted, of course):
From: “Urgent Atten: You Are NOT GDPR Compliant!” <firstname.lastname@example.org>
Date: 12 November 2018 at 16:26:51 GMT
To: enquiries@[company name here]
Subject: [company name here] Has Been Added To The Non Compliance Register
Reply-To: “Urgent Atten: You Are NOT GDPR Compliant!” <email@example.com>
Notification from the UK Non Compliance Register.
To the Owner of [company name here].
It has come to our attention that your company is not GDPR compliant.
As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register.
Your company is under review and may be reported to the ICO for non GDPR compliance.
Please go to www.noncomplianceregister.com and enter your company name [company name here] into the search box.
You will see listed on the page the actions that may now be taken against your company for non GDPR compliance.
The Non Compliance Register is a FREE public service that is available to any member of the public.
The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.
This email has been sent to inform you that you are on the non compliance register.
There is no need to reply to this email.
Disclaimer: This communication is not a business communication and can be legally sent. It is a notification to advise you of action taken against you. There is no personal data involved with this communication. The Non Compliance Register does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a pubic service that is free of charge.
EDIT: In January 2019 they repeated the email but with slightly different data. It looked like this:
From: “The UK GDPR Compliance Directory” <firstname.lastname@example.org>
Date: 17 January 2019 at 07:07:29 GMT
Subject: To the Data Protection Officer of [www.anyoldwebsite.com] You are on the UK GDPR Compliance Directory
Reply-To: “The UK GDPR Compliance Directory” <email@example.com>
The strange thing about this entire email is that it doesn’t appear to have a purpose, other than scaring business owners.
They don’t ask for money, the link to their website doesn’t work, and the domain is currently parked.
Perhaps the clue is in the last line, where they tell us:
“It is a pubic service that is free of charge” [EDIT: Now corrected in January – perhaps they read this blog!]
If the scam develops, I would expect them to find some way of getting people to sign up for something (it’s the standard approach) which then commits business owners to pay them lots of money for pretty much nothing. [EDIT: In January they include a link which opens a reply email. You are supposed to email them and then they will send you the report. Don’t do this. It’s a scam!]
Other scams such as Commercial Register rely on similarly confusing emails and then getting people to sign for a worthless link on an obscure website costing around £3,000.
In this case, it’s unclear what the end game is but it has all the hallmarks of a scam.
The irony of this email is that they have sent it to completely the wrong person. The customer they sent it to has spent months getting ready for GDPR and is totally compliant. It was for this reason that they knew it was a scam and sent it to us.
Anyway, we’ve done a bit of digging and here are the details of the website:
Registrant REDACTED FOR PRIVACY
Registrant Org REDACTED FOR PRIVACY
Registrant Country REDACTED FOR PRIVACY
Registrar CRAZY DOMAINS FZ-LLC
IANA ID: 1291
Whois Server: whois.syrahost.com
Registrar Status ok
Dates 79 days old
Created on 2018-09-26
Expires on 2020-09-26
Updated on 2018-11-15
Name Servers NS59.WORLDNIC.COM (has 2,945,768 domains)
NS60.WORLDNIC.COM (has 2,945,768 domains)
Tech Contact REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address 18.104.22.168 – 141,113 other sites hosted on this server
IP Location Switzerland – Zurich – Zurich – Rook Media Gmbh
ASN Switzerland AS40034 CONFLUENCE-NETWORK-INC – Confluence Networks Inc, VG (registered Apr 11, 2011)
Domain Status Registered And Active Website
IP History 4 changes on 4 unique IP addresses over 0 years
Registrar History 1 registrar
Hosting History 4 changes on 5 unique name servers over 0 year
Website Title None given.
Domain Name: NONCOMPLIANCEREGISTER.COM
Registry Domain ID: 2315155677_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.syrahost.com
Registrar URL: http://www.crazydomains.com
Updated Date: 2018-11-16T02:33:11Z
Creation Date: 2018-09-27T00:00:00Z
Registrar Registration Expiration Date: 2020-09-27T00:00:00Z
Registrar: CRAZY DOMAINS FZ-LLC
Registrar IANA ID: 1291
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +61.894220890
Reseller: CRAZY DOMAINS
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: R-023531656-SN
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: REDACTED FOR PRIVACY
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Email: REDACTED FOR PRIVACY
Registry Admin ID: C-002881298-SN
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: REDACTED FOR PRIVACY
Registry Tech ID: C-002881298-SN
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: REDACTED FOR PRIVACY
Name Server: NS59.WORLDNIC.COM
Name Server: NS60.WORLDNIC.COM
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
As you can see, there’s not a lot to see other than the fact that the domain has been live for just 79 days as I write this and pretty much all the owner details are hidden by a privacy screen.
The IP address places the site in Switzerland but, as stated previously, when we visited the site today it was conspicuous by its absence. This is all we could see:
Just a holding page with Google AdSense on it.
The email address extension of europdatasend.info is not a website and the reply email is simply a Hotmail account.
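The checks we did by hand above (Reply-To versus From domain, free webmail reply address, age of the linked domain on the day the email was sent, and redacted registrant fields) can be scripted for mail triage. This is an added example, not part of the original investigation; the mailbox names, the hotmail.com reply domain, the webmail list and the 90-day threshold are assumptions.

```python
from datetime import datetime
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: headers modelled on the email above; mailbox names are placeholders.
SAMPLE_EMAIL = """\
From: "Urgent Atten: You Are NOT GDPR Compliant!" <sender@europdatasend.info>
Reply-To: "Urgent Atten: You Are NOT GDPR Compliant!" <placeholder@hotmail.com>
Date: Mon, 12 Nov 2018 16:26:51 +0000
Subject: [company name here] Has Been Added To The Non Compliance Register
"""

# Subset of the WHOIS record quoted above.
SAMPLE_WHOIS = """\
Domain Name: NONCOMPLIANCEREGISTER.COM
Creation Date: 2018-09-27T00:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: REDACTED FOR PRIVACY
"""

FREE_WEBMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}  # assumed list
YOUNG_DOMAIN_DAYS = 90  # assumed threshold, tune to your own mail flow

def parse_whois(text):
    # "Key: value" lines; split on the first colon only so timestamps survive intact.
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def triage(raw_email, whois_text):
    msg = message_from_string(raw_email)
    sent = parsedate_to_datetime(msg["Date"])
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg["Reply-To"] or msg["From"])[1].rpartition("@")[2].lower()
    who = parse_whois(whois_text)
    created = datetime.fromisoformat(who["Creation Date"].replace("Z", "+00:00"))
    age_days = (sent - created).days  # age when the email was sent, not today
    registrant = [v for k, v in who.items() if k.startswith("Registrant")]
    checks = [
        (reply_dom != from_dom, f"Reply-To domain {reply_dom} differs from From domain {from_dom}"),
        (reply_dom in FREE_WEBMAIL, f"Reply-To is a free webmail account ({reply_dom})"),
        (age_days < YOUNG_DOMAIN_DAYS, f"linked domain was only {age_days} days old when the email was sent"),
        (bool(registrant) and all("REDACTED" in v.upper() for v in registrant), "all registrant fields are privacy-redacted"),
    ]
    return age_days, [text for hit, text in checks if hit]
```

No single finding proves a scam, since privacy redaction and young domains are common on legitimate sites too; it is the combination that matches what we saw here.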
If and when the site does go live please don’t enter your details. All that will happen is you will find yourself swamped with similar emails from other scams as they will know, by your actions, that you are susceptible to this type of intimidatory email.
The summary is that if this is supposed to be a scam, it’s a pretty poor one, as we can see no clear way of them scamming anything. Whatever the case, if you get this email then consign it to the junk bin, fast.